In Windows 7 and Windows Server 2008 R2, you must configure your computers to use the DES-CBC-MD5 or DES-CBC-CRC cipher suites. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment.

In Windows 7 and Windows Server 2008 R2, Kerberos supports elliptic curve cryptography (ECC) for smart card logon that uses X.509 certificates. Although this change is not visible to end users, they will benefit from stronger cryptography for their smart card logons. There is no configuration required to obtain ECC support in Kerberos. However, your smart cards and readers must support ECC.